

ApTask
Splunk Engineer
This role is for a Splunk Engineer with a contract length of "Unknown," offering a pay rate of $60-$65/hr. Key skills include 3-5+ years of Splunk administration, data onboarding expertise, and strong Linux/scripting knowledge. Location is "Unknown."
Country: United States
Currency: $ USD
Day rate: 520
Date: October 4, 2025
Duration: Unknown
Location: Unknown
Contract: Unknown
Security: Unknown
Location detailed: San Jose, CA
Skills detailed: #Linux #Automation #Cloud #Normalization #Python #REST (Representational State Transfer) #Compliance #Scripting #Azure #SaaS (Software as a Service) #Storage #Project Management #Splunk #Security #Clustering #Consulting #DMS (Data Migration Service) #Bash #Deployment #AWS (Amazon Web Services) #Cybersecurity #VMware #ML (Machine Learning) #ETL (Extract, Transform, Load) #Base
Role description
About Client:
The client is a global technology solutions provider which offers a broad range of services including IT consulting, supply chain management, and the integration of advanced technology solutions for large organizations. The company partners with top tech firms like Cisco, Dell, and VMware, helping clients innovate through digital transformation, cloud computing, cybersecurity, and data analytics. It is known for its Advanced Technology Center (ATC), where customers can test solutions in a virtual lab environment. With a commitment to diversity, it has been recognized for its culture and innovative approach.
Rate: $60-$65/Hr
Job Description:
• Keeping a multi-site Splunk Enterprise (indexer clustering + SHC) healthy: upgrades/patching, daily/weekly health checks, capacity & license management, DR tests.
• Onboarding data cleanly and securely: forwarders/syslog/HEC; sourcetypes, props/transforms, timestamping/line-breaking, field extractions, retention.
• Improving performance and reliability: monitor ingestion/search performance, queues, storage/bucket health; remove bottlenecks; tune searches and data models.
• Enabling users: create/optimize SPL searches, dashboards, alerts; advise engineers, SREs, and SecOps on best practices and troubleshooting.
The most important duties are
• Operate and harden a multi-site Splunk Enterprise environment (indexer clustering, SHC, deployer/deployment server, RBAC, app lifecycle).
• Monitor and tune ingestion, search, and storage (RF/SF validation; bucket health; NFS tuning; queue depths).
• Lead data onboarding projects across on-prem, SaaS, cloud (Azure/AWS), K8s; ensure auditability and data-handling policy compliance.
• Build/optimize SPL, dashboards, alerts; coach consumers on SPL and performance patterns (tstats, accelerations, base/inline searches).
• Maintain DR posture and execute/verify failovers.
Requirements:
• 3–5+ years administering Splunk Enterprise at multi-TB/day scale, including indexer clustering and SHC in multi-site deployments.
• Expert SPL and performance tuning (tstats, data models/accelerations, search optimization).
• Deep data-onboarding skills (forwarders/syslog/HEC) and props.conf/transforms.conf mastery (timestamps, line-breaking, field extraction, value normalization).
• Strong Linux admin + scripting (bash, Python); networking/TLS fundamentals.
• Experience with NFS-backed indexers (operational tuning/gotchas).
• Clear communicator with a customer-enablement mindset; documents well; bias for automation.
• Nice-to-have: Splunk Architect cert; experience with ES, ITSI, MLTK, and SOAR; familiarity with data-science/ML concepts (to partner with teams, not to lead research).
The simplest and easiest way to see that this job is done well is...
• Cluster health green: RF/SF consistently met; successful failover tests.
• Low ingest error rate and low data latency to index; stable license utilization.
• Search KPIs: median and P95 search times within agreed SLOs; reduced scheduler/skipped search rates.
• Clean data: correct timestamps, low unknown sourcetypes, stable field extraction accuracy.
• User outcomes: growing self-service usage, actionable dashboards/alerts, and satisfied internal customers (shorter MTTR for incidents).
• No audit/compliance exceptions related to Splunk data handling or access controls.
Basic qualifications
• 3–5+ years hands-on Splunk Enterprise administration at scale (multi-TB/day), including indexer clustering, SHC, deployer/DS, license mgmt.
• Strong SPL and performance tuning (tstats, DMs, accelerations, base/inline searches).
• Data onboarding expertise: forwarders/syslog/HEC; props/transforms; timestamping/line-breaking; field extractions; retention planning.
• Linux + scripting (bash/Python); networking/TLS fundamentals.
• Experience operating with NFS-backed indexers.
• Nice-to-have: Splunk Architect cert; ES/ITSI/MLTK/SOAR; familiarity with data-science/ML concepts.
Non-benefitted (other than those mandated under state or federal law). Please note that this position does not include paid time off benefits. ApTask offers subsidized insurance coverage to our employees.
About ApTask:
ApTask is a leading global provider of workforce solutions and talent acquisition services, dedicated to shaping the future of work. As an African American-owned and Veteran-certified company, ApTask offers a comprehensive suite of services, including staffing and recruitment solutions, managed services, IT consulting, and project management. With a focus on excellence, collaboration, and innovation, ApTask provides unparalleled opportunities for professional growth and development. As a member of the ApTask team, you will have the chance to connect businesses with top-tier professionals, optimize workforce performance, and drive success across diverse industries. Join us at ApTask and be part of our mission to empower organizations to thrive while fostering a diverse and inclusive work environment.
Applicants may be required to attend interviews in person or by video conference. In addition, candidates may be required to present their current state or government issued ID during each interview.
Candidate Data Collection Disclaimer:
At ApTask, we prioritize safeguarding your privacy. As part of our recruitment process, certain Personally Identifiable Information (PII) may be requested by our clients for verification and application purposes. Rest assured, we strictly adhere to confidentiality standards and comply with all relevant data protection laws. Please note that we only collect the necessary information as specified by each client and do not request sensitive details during the initial stages of recruitment.
If you have any concerns or queries about your personal information, please feel free to contact our compliance team at businessexcellence@aptask.com
Applicant Consent:
By submitting your application, you agree to ApTask's (www.aptask.com) Terms of Use and Privacy Policy, and provide your consent to receive SMS and voice call communications regarding employment opportunities that match your resume and qualifications. You understand that your personal information will be used solely for recruitment purposes and that you can withdraw your consent at any time by contacting us at 732-355-8000 or help@aptask.com. Message frequency may vary. Msg & data rates may apply.